Microsoft Help Workshop is vulnerable to a remote code execution exploit while processing malformed .cnt files.
A POC, made by porkythepig, has already been released and are already found in numerous sites like milw0rm.com.
The Microsoft Help Workshop is not included in the default installation of Microsoft Windows, it is however a standard component of MS Visual Studio v6 and 2003 (.NET) and if .cnt files are already associated with Help Workshop all that’s needed is for the user to double click the file, so please still be on the lookout for malwares exploiting this vulnerability.
Still, the best approach for this is user alertness, be wary of email attachments with the .cnt extension, and rather be wary of ALL email attachments especially if you’re not expecting any.
